Electronic payment transactions have become increasingly important, and tremendous efforts are constantly placed into the development of suitable systems for carrying out such transactions. One such system is the so-called “electronic wallet” or “electronic purse”, which holds sums of money withdrawn from a bank, which can be used to pay for goods and services. The electronic wallet present several problems which, so far, have limited its use: it has a considerable security problem, inasmuch as the loss of the wallet entails the loss of the money it carries, it requires sophisticated storage means, coupled with a “smart card”, as well as complicated and expensive encryption procedures. It further presents a disadvantage that renders it unattractive for many persons, namely, it causes a loss of feeling of control over the money it contains. Since all procedures are automated, encrypted and electronic, with only minimal intervention of the owner, many owners feel that they have no real control over the movement of their money.
Electronic cash has many applications, ranging from the use of electronic wallets carried on the owner, in lieu of credit cards, in daily transactions and including payments for goods and services purchased over the Internet. While purchases made over the Internet are by no means the sole use for the electronic cash, they probably are the most problematic, mainly because of security problems.
The problem of payments over the Internet is well known, and many solutions to it have been suggested. The problem is a complicated one, because the use of credit cards over the Internet is unsafe, and because in many transactions the buyer does not wish to provide details of himself, or of his bank account.
Among the systems suggested to overcome this problem, there can be mentioned a few. For instance, a concept called “First Virtual” first asks a potential customer to fill out an application form providing standard personal information. First Virtual would then send a personal identification number (PIN) with an 800 number over the Internet to the customer's email. Then the customer is supposed to use the 800 number to give the customer's credit card information over the phone to First Virtual to establish or open no more than just an electronic charge account.
Another concept called “Cybercash” requires customers or buyers on the Internet to first open a special Cybercash bank account that contains money designated for spending on the Internet. A consumer issues instructions to purchase goods or services on the Internet and money for these items are transferred from the consumer's Cybercash bank account to that of the merchant's. Transactions are anonymous unless the seller specifically asks for the identity of the buyer.
Yet another concept called the “Netbill” requires a buyer on the Internet to first put money in a Netbill account and subsequent transactions made by the buyer are to be drawn off from the account sum or balance. Accounts of both buyers and sellers are maintained on a Netbill server, to keep transactions off the Internet and to maintain lower transaction costs. After a purchase is made, the transfer of funds will automatically take place at the server. Digital goods, e.g. programs, documents etc. are transferred to the buyer in encrypted form. When the Netbill account has cleared the transaction, a receipt containing the key to the encrypted goods is sent to the merchant, then forwarded to the consumer.
A two-step process called “Millicent” had also been introduced, using fake money. A merchant creates its own electronic currency, or “scrip”, that is sold to brokers. Brokers then sell the scrip to buyers. Sellers deal with just a handful of accounts, spreading transaction costs over a large volume of purchases. Millicent customers need to buy currency from only a few trusted brokers.
Another system is the so-called “Digicash” or “ecash”. In theory this system turns a user's or buyer's hard drive on a PC into a purse. To use this system, one first establishes an account with a bank. To obtain digicash or ecash, the user creates a series of numbers that will represent a mixture of coins or money bills in various denominations according to the user's own wishes. This request for digicash is then sent to the bank, which deducts the total amount requested from the user's existing valid account. The bank then sends the user an equivalent amount of ecash as an encrypted email message containing a series of numbers. Each number corresponds to a specified amount of money. Before the user can actually use these encrypted series of numbers from the bank to purchase goods or services on the Net, the user must first obtain a user name and a password from Digicash. Then the user has to download Digicash's ecash software to the user's PC. The final step is to create the user's own encryption key (in essence another password) and together with the user's password obtained earlier from Digicash, the user can then spend ecash on the Net. The operation of this system is illustrated in FIG. 1.
Another prior art system is NetCash, which is described in “Gennady Medvinsky and B. Clifford Neuman, Electronic Currency for the Internet, Electronic Markets Vol 3. No. 9/10, October 1993, pages 23-24”, and in “Gennady Medvinsky and B. Clifford Neuman, NetCash: A design for practical electronic currency on the Internet, In Proceedings of the First ACM Conference on Computer and Communications Security, November 1993. It is a framework for electronic cash developed at the Information Sciences Institute of the University of Southern California. It uses identified on-line electronic cash. Although the cash is identified there are mechanisms whereby coins can be exchanged to allow some anonymity. The system is based on distributed currency servers where electronic checks can be exchanged for electronic cash. The NetCash system consists of buyers, merchants, and currency servers. An organization wishing to set up and manage a currency server obtains insurance for the new currency from a central certification authority. The currency server generates a public/private key pair. The public key is then certified by being signed by the central authority. This certificate contains a certificate ID, name of the currency server, currency server's public key, issue date and an expiry date, all signed by the central authority:
The currency server mints electronic coins, which consist of:    1. Currency Server Name: Identifies a currency server.    2. Currency Server Network Address: Where the currency server can be found. If this address is no longer in use, a name server can be queried to find the current address.    3. Expiry Date: Limits the state that must be maintained by each currency server.    4. Serial Number: Uniquely identifies the coin.    5. Coin Value: Amount coin is worth.
The coin is signed with the currency server's private key. The currency server keeps track of the serial numbers of all outstanding coins. In this way double spending can be prevented by checking a coin's serial number with the currency server at the time of purchase (or exchange). If the coin's serial number is in the database it has not been spent already and is valid. When the coin is checked the serial number is then removed from the database. The coin is then replaced with a new coin (coin exchange). An electronic cheque can be exchanged with a currency server for electronic coins. The currency server is trusted not to record to whom the coins are issued. To further aid anonymity a holder of coins can go to any currency server and exchange valid coins for new ones. The currency server does not know who is exchanging coins, only the network address of where they are coming from. By performing the exchange and by choosing any currency server to do this with, it becomes difficult to track the path of the coins. If a currency server receives coins that were not minted by it, it will contact the minting currency server to validate those coins.
FIG. 2 shows how a buyer uses NetCash coins to purchase an item from a merchant. In this transaction the buyer remains anonymous since the merchant will only know the network address of where the buyer is coming from. NetCash assumes that the buyer has or can obtain the public key of the merchant, and that the merchant has the public key of the currency server.
Another system that has been suggested is the PayMe system (Michael Peirce and Donal O'Mahony, “Scaleable, Secure Cash Payment for WWW Resources with the PayMe Protocol Set”, presented at the Fourth International World Wide Web Conference, Dec. 11-14, 1995, Boston, Mass., USA—http://www.w3.org/Conferences/WWW4/Papers/228/). PayMe is an on-line electronic cash system. The entities involved are banks and users. Users can be either buyers or merchants but each has the same functionality. They can make payments, accept payments, or deal with the bank. Each bank mints its own identified electronic cash with serial numbers. Double spending of coins is prevented by the bank maintaining a database of coins in circulation. Any user in the PayMe system can accept payments and make payments. Merchants can receive payments for selling Web goods but they can also make payments to the buyers. This can be used for making refunds or in pay-out services. A simple model showing the basic functionality of the PayMe system is shown in FIG. 3.
Both symmetric and public-key cryptography are used. Each entity has its own public/private key pair. It is a stand-alone system which has been tailored for use with the Web. The PayMe system uses its own secure communications protocol, the PayMe Transfer Protocol (PMTP), to communicate between entities.
Coins are the pieces of data that represent monetary value within the system. The coins are digitally signed by the bank using public key cryptography to make them valid currency. Each coin has a serial number which is entered into the bank's database when the coin is minted. Coins have fields for the coin value, serial number, bank id, bank host name and port number, and expiry date. When these five fields are put together and signed with the bank's private key, a valid coin is created.
PayMe can be used with any Web client or server. To purchase an item a user starts up both their PayMe Wallet and any Web client. They browse the Web until they find a merchant shop, which will be presented by a HTML document. A combination of PMTP messages are used in a purchase transaction, as shown in FIG. 4.
All the aforementioned systems require a direct interaction between the seller and the buyer during the transfer of the payment and/or involve complicated and time-consuming key agreement processes.
In a recently issued patent, U.S. Pat. No. 5,913,203, a system is suggested, which is stated to provide totally anonymous or effectively anonymous cash-like transactions, which are accomplished by using a pseudo cash data package converter for inserting a user key into a pseudo cash preliminary data packet through the use of a user insertion key to generate a pseudo cash unit with a fixed monetary value that can be used to purchase goods or services via the Internet. A pseudo cash repository facilitates the cash-like transactions and maintains a record of the pseudo cash units and their fixed monetary value. Depending upon the level of anonymity selected by a purchaser, the pseudo cash repository can either transmit pseudo cash preliminary data packets or pseudo cash units to a first entity. If the first entity loses an effectively anonymous pseudo cash preliminary data packet, it can be replaced by the pseudo cash repository without risk of loss.
This patent is said to solve one of the prior art problems existing, e.g., in the Digicash system, in which a user's ecash is stored as a series of numbers on the hard disk of his PC. This leads to the danger that, if one has a disk crash, which is quite common nowadays in view of the complexities of modern day software, or if one's computer is stolen, one has lost his money.
Another severe drawback of certain systems is that they require that the cash dispenser be involved in the transaction, to identify the users (either the buyer, the seller, or both), rendering the transaction cumbersome, and detracting from its privacy.
Because, of these facts, there is currently no electronic “currency” that can be used in a simple manner by the general public as well as by Internet surfers, just as one uses bills, coins or checks. For this reason, e-commerce is still relatively limited both in physical transactions, such as in shops and in service-providing establishments, and over the Internet. It is therefore clear that there is a great need for an electronic currency that overcomes the disadvantages of the prior art.
All the prior art methods and systems suffer from severe drawbacks arising from a misconception that could be termed “excessive protectivity”. The prior art does not take into account that most transactions made over the Internet or other LANs or WANs involve small sums. While it is important to ascertain that theft of such sums is made difficult, just as one keeps his pocket money, the danger of theft does not justify the complexity of the systems devised by the prior art.
Additionally, and largely because of said misconception, most of the prior art systems require the user to open an account with either a bank, or a pseudo-bank, or with a supplier, and either to provide prepaid funds to these accounts, from which it possible to draw, or to perform relatively complicated operations when the user wishes to spend, withdraw or generate funds.
Another severe drawback of certain systems is that they require that the cash dispenser be involved in the transaction, to identify the users (either the buyer, the seller, or both), rendering the transaction cumbersome, and detracting from its privacy.
Because, of these facts, there is currently no electronic “currency” that can be used in a simple manner by the general public in physical transactions or when surfing the Internet, just as one uses bills, coins or checks. For this reason, e-commerce is still relatively limited in physical shops and over the Internet.
It is therefore clear that it would be highly desirable to provide an electronic currency system which is free from all the aforementioned drawbacks, and which permits e-commerce to proceed freely, in a manner as similar as possible to live commerce.
It is therefore an object of this invention to provide electronic currency and a system for its implementation, that overcome all the aforementioned drawbacks of the prior art.
It is another purpose of this invention to provide electronic currency that can be converted to and from regular currency, and which can be transferred in real time from one Internet user to another.
It is a further purpose of the invention to provide an electronic currency and system which are user-independent, and which do not require a user key or identification, such currency being essentially “to the bearer”.
It is yet another object of the invention to provide electronic currency in electronic form that can be lawfully copied onto magnetic, optical or other media, so as to ensure against loss or crashes of the media where the currency is saved.
It is a further object of the invention to provide electronic money and systems employing it, which can be used for carrying out transactions over the Internet.
It is still another object of the invention to provide a method and system which permit to carry out delayed-payment transactions, much as when paying for goods or services with a post-dated check.
It is a further object of the invention to provide a method and currency which can be used for the simultaneous service receipt/payment, and which can further be used for payments which are linked to the quantity of goods or services electronically furnished.
Many preferred embodiments of the invention are useful in any system in which no concern for electronic theft exists, such as, e.g., private LANs or WANs, or public WANs, such as the Internet, in which other independent security means are provided, either by algorithmic or by electronic methods. However, if no independent security system exists, there remains a concern that currency theft may be effected at the user's level, e.g., by hostile downloadables or virus-like programs that may infiltrate the user's system. Such programs may, unknown to the user, copy the valid currency from the location where it is stored to another location, and then use it to carry out purchases. Such programs may even copy the entire data hard disk or other drive where the Internet money is stored.
Although the use of small amounts of money for small purchases greatly diminishes this danger, theft of this type is still possible. Furthermore, it is also possible, when the problem of this kind of theft (as opposed to physical theft) is solved, to use the aforementioned method for transactions involving large sums.
It is therefore another object of the present invention to provide a method and system for eliminating the problem of electronic theft of electronic currency, in systems employing an isolation server to effect currency transactions.
It is still another object of the invention to provide apparatus useful in exploiting the invention.
Other purposes and advantages of this invention will appear as the description proceeds.